Security News > 2022 > December > Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale
Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum.
SevenRooms is a restaurant customer relationship management platform used by international restaurant chains and hospitality service providers, such as MGM Resorts, Bloomin' Brands, Mandarin Oriental, Wolfgang Puck, and many more.
On December 15, a threat actor posted data samples on the Breached hacking forum, claiming to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms customers.
The samples provided by the seller include folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more.
After BleepingComptuer contacted SevenRooms about the data being sold online, they confirmed that it was their data was caused by unauthorized access to the systems of one of its vendors.
While it is unclear what restaurants and customers were affected by this breach, we will likely see further data breach notifications released by restaurants whose customers' data was exposed.